3263 matches found
E-Detective Lawful Interception System - Multiple Vulnerabilities
Advisory: E-Detective Lawful Interception System multiple security vulnerabilities Date: 14/06/2015 CVE: unassigned Authors: Mustafa Al-Bassam https://musalbas.com slipstream/RoL https://twitter.com/TheWack0lian Software: Decision Group E-Detective Lawful Interception System Vendor URL:...
E-Detective Lawful Interception System - Multiple Vulnerabilities
E-Detective Lawful Interception System - Multiple Vulnerabilities Advisory: E-Detective Lawful Interception System multiple security vulnerabilities Date: 14/06/2015 CVE: unassigned Authors: Mustafa Al-Bassam https://musalbas.com slipstream/RoL https://twitter.com/TheWack0lian Software: Decision...
E-Detective Lawful Interception System LFD / Code Execution
Advisory: E-Detective Lawful Interception System multiple security vulnerabilities Date: 14/06/2015 CVE: unassigned Authors: Mustafa Al-Bassam https://musalbas.com slipstream/RoL https://twitter.com/TheWack0lian Software: Decision Group E-Detective Lawful Interception System Vendor URL:...
REMnux v6 - A Linux Toolkit for Reverse-Engineering and Analyzing Malware
REMnux is a free Linux toolkit for assisting malware analysts with reverse-engineering malicious software. It strives to make it easier for forensic investigators and incident responders to start using the variety of freely-available tools that can examine malware, yet might be difficult to locat...
Proxenet - Hacker Friendly Proxy for Web Application Penetration Tests
Proxenet is a hacker friendly proxy for web application penetration tests. proxenet is a multi-threaded proxy which allows you manipulate your HTTP requests and responses using your favorite scripting language. No need to learn Java like for Burp or Python like for mitmproxy. proxenet supports...
Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerability
A vulnerability in the Cisco FireSIGHT Management Center could allow an authenticated, remote attacker to perform cross-site scripting XSS attacks. The vulnerability is due to insufficient input validation of some parameters passed via HTTP GET or POST methods. An attacker could exploit this...
Splunk Enterprise 5.0.x < 5.0.13 / 6.0.x < 6.0.9 / 6.1.x < 6.1.8 OpenSSL Vulnerabilities (FREAK)
According to its version number, the Splunk Enterprise hosted on the remote web server is 5.0.x prior to 5.0.13, 6.0.x prior to 6.0.9, or 6.1.x prior to 6.1.4. It is, therefore, affected by the following vulnerabilities related to the included OpenSSL library : - A security feature bypass...
Researchers Exploit Windows Group Policy Bug Patched in February
Researchers from Core Security were able to exploit a security vulnerability in Windows Group Policy — MS15-011 — that was patched in February by Microsoft. Nicolas Economou, a senior exploit writer at Core Security, explained in a blog entry last week that Microsoft had in fact fixed the bug,...
CVE-2015-1915
The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Management 9.0.1 before IF6 and 9.1.0 before IF6 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by interceptin...
Memory corruption
The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Management 9.0.1 before IF6 and 9.1.0 before IF6 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by interceptin...
Apple Watch multiple security vulnerabilities
Information interception, memory corruptions, code execution, information disclosure, DoS, privilege escalation...
TLS and SSL Diffie-Hellman Key Downgrade Weakness (CVE-2015-1716; CVE-2015-4000)
A vulnerability has been detected in the way TLS protocol handles weak, legacy cipher suites. An attacker might leverage this vulnerability to intercept secure communications...
CVE-2015-1848
The pcs daemon pcsd in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerabili...
CVE-2015-1848
The pcs daemon pcsd in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerabili...
CVE-2015-1848
The CVE-2015-1848 entry concerns the PCS daemon (pcsd) in PCS 0.9.137 and earlier failing to set the Secure flag on cookies in HTTPS sessions (CVE-2015-1848); CVE-2015-3983 covers the related issue of not setting the HttpOnly flag. Multiple open-source advisories (Fedora/CentOS and related feeds)...
Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2602-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2602-1 advisory. Jesse Ruderman, Mats Palmgren, Byron Campen, Steve Fink, Gary Kwong, Andrew McCreight, Christian Holler, Jon Coppeard, and Milan Sreckovic discovered...
Use sslsplit to sniff tls/ssl connections-vulnerability warning-the black bar safety net
I recently demonstrated how to use mitmproxty perform MiTM attack on HTTPSconnection. When mitmproxy work to support HTTP-based communication, it does not know the other based on the TLS/SSL traffic, such as FTPS, SSL SMTP through SSL IMAP or some other covering TLS/SSL Protocol. SSLsplit is a...
PT-2015-5470 · Pcs +2 · Pcs +2
Name of the Vulnerable Software and Affected Versions: PCS versions 0.9.137 and earlier Description: The issue concerns the pcs daemon pcsd in PCS, where it fails to set the secure flag for a cookie in an https session. This oversight makes it easier for remote attackers to capture the cookie by...
Untrusted site hosting trusted page can intercept webchannel responses — Mozilla
Mozilla developer Mark Hammond reported a flaw in how WebChannel.jsm handles message traffic. He found that when a trusted page is hosted within an on an untrusted third-party untrusted framing page, the untrusted page could intercept webchannel responses meant for the trusted page, bypassing...
Zhejiang Dahua camera has authentication vulnerability
Zhejiang Dahua Technology Co., Ltd. is a leading supplier of surveillance products and solution service providers, providing leading video storage, front-end, display control and intelligent transportation series of products for the world. A man-in-the-middle attack-based authentication...